Description: A PHP-CGI vulnerability was pubished this month (http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/) that results in source code disclosure and remote code execution.
To detect vulnerable sites we use the NSE script "http-cve2012-1823":
$nmap -p80 --script http-cve2012-1823 target
To obtain the source code of certan URI, the argument "uri" is used:
$nmap -p80 --script http-cve2012-1823 --script-args uri=/login.php objetivo
Tags: nmap , nse , phpcgi , php-cgi , exploit , scan , detect , vulnerability , php , websec ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.